Szokásunkhoz híven összegyűjtöttük az e havi hivatalosan feltárt Joomla biztonsági hibákat, az e havi lista is magáért beszél:

2010.06.27.-2010.06.30.

• Joomla JE Story Submit Component “view” File Inclusion Vulnerability
• Joomla JE Media Player Component “view” File Inclusion Vulnerability
• Joomla BookLibrary Component Multiple SQL Injection Vulnerabilities
• Joomla Joomanager SQL Injection Vulnerability
• Joomla Component Gamesbox com_gamesbox 1.0.2 (id) SQL Injection Vulnerability
• Joomla Component (com_sef) RFI
• Joomla Tárhely JE Awd Song Component Persistent XSS Vulnerability
• Joomla JE Job Component com_jejob LFI Vulnerability

2010.06.23.-2010.06.26.

• Joomla JE Ajax Event Calendar SQL Injection Vulnerability
• Joomla Component com_realtyna LFI vulnerability
• Joomla Component (com_sef) RFI
• Joomla com_awd_song persistent xss Vulnerability
• Joomla je-media-player LFI Vulnerability
• Joomla Component com_virtuemart Remote File Inclusion
• Joomla jeeventcalenda LFI Vulnerability
• Joomla com_jejob LFI Vulnerability
• Joomla jesectionfinder LFI Vulnerability

2010.06.20.-2010.06.22.

• Joomla CMS Realty Component “Itemid” Cross-Site Scripting Vulnerability
• Joomla Jobline Component “Itemid” Cross-Site Scripting Vulnerability
• Joomla JFaq Component Multiple Vulnerabilities
• Joomla Component com_ybggal 1.0 (catid) SQL Injection Vulnerability
• Joomla Component Picasa2Gallery LFI tárhely vulnerability
• Joomla Template BizWeb com_community Persistent XSS Vulnerability
• Joomla Hot Property com_jomestate RFI Vulnerability
• Joomla Component JomSocial 1.6.288 Multiple XSS
• Joomla Component com_eportfolio Upload Vulnerability

Ez úton közöljük az összegyűjtött májusi Joomla biztonsági hibákat, a már megszokott méretekkel rendelkezik:

2010.05.28.-2010.05.31.

• Joomla Medi-QnA Component “controller” File Inclusion Vulnerability
• Joomla “search” Cross-Site Scripting Vulnerability Input passed to the “search” parameter in administrator/index.php (when “option” is set to “com_users”, “com_trash”, “com_content”, “com_sections”, “com_categories”, “com_frontpage”, “com_messages”, “com_banners”, “com_contact”, “com_menus” when “task” is set to “view”, “com_newsfeeds”, “com_poll”, “com_weblinks”, “com_modules”, or “com_plugins”) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
• Joomla BF Quiz Component “catid” SQL Injection Vulnerability
• Joomla My Car Component Two Vulnerabilities
• Joomla com_quran SQL Injection vulnerability
• Joomla Component com_g2bridge LFI vulnerability

2010.05.19.-2010.05.27.

• Joomla Percha Multicategory Article Component “controller” File Inclusion
• Joomla com_qpersonel SQL Injection Remote Exploit

2010.05.13.-2010.05.18.

• Joomla Component FDione Form Wizard lfi vulnerability
• Joomla Component Seber Cart (getPic.php) Local File Disclosure Vulnerability
• Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability
• Joomla Component com_konsultasi (sid) SQL Injection Vulnerability
• Joomla Component com_jequoteform – Local File Inclusion
• Joomla Component JE Job Local File Inclusion Vulnerability
• Joomla Component com_camp SQL Injection Vulnerability
• Joomla Component MS Comment LFI Vulnerability
• Joomla Component simpledownload LFI Vulnerability
• Joomla Tárhely Component com_event another sql injection Vulnerability
• Joomla Component com_event Multiple Vulnerabilities
• Joomla Component com_crowdsource SQL Injection
• Joomla Component com_packages SQL Injection Vulnerability
• Joomla 3D Users Cloud Module “tagcloud” Cross-Site Scripting Vulnerability
• Joomla JE Job Component Two Vulnerabilities
• Joomla JE Ajax Event Calendar Component “view” File Inclusion Vulnerability
• Joomla JE Quotation Form Component “view” File Inclusion Vulnerability

2010.05.07.-2010.05.12.

• Joomla Module Camp26 Visitor Data 1.1 Remote code Execution
• Joomla Custom PHP Pages Component com_php LFI Vulnerability
• Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability